Since 2005, the ITRC – a nationally recognized non-profit organization established to support victims of identity theft and to broaden public education and awareness in the understanding of identity theft – has identified data breaches in five industry sectors: financial/banking/credit, healthcare/medical, government/military, education, and business. So far in 2017, data breaches for each sector are:

Business sector – 54.7 percent of the total data breaches.

Healthcare/medical sector – 22.6 percent of the total data breaches.

Education sector – 11 percent of the total data breaches.

Banking/credit/financial sector – 5.8 percent of the total data breaches.

Government/military – 5.6 percent of the total data breaches.

Hacking – which includes phishing and ransomware/malware – was the leading cause of data breaches in the first half of 2017. Statistics show that 63 percent of the overall data breaches involved hacking as the primary method of attack, an increase of 5 percent over 2016 figures. Phishing was involved in 47.7 percent of hacking attacks while ransomware/malware was present in 18.5 percent of hacking attacks.

Statistics also show that 67 percent of data breach notifications or public notices did not report on the number of records impacted, an all-time record high that represents an increase of 13 percent over the first half of 2016 and a major hike over the 10-year average of 43 percent. To assess the impact of data breaches on consumers, industry observers require accurate information about the number of records.

“We have made progress in transparency regarding data breach notifications but this only goes so far when we do not have complete information. The number of records breached in a specific incident allows us to provide more insight into the scope of this problem, and is a necessary next step in our advocacy efforts,” ITRC President and CEO Eva Velasquez stated in the press release.

“Cyber attacks that target businesses are continuing to rise, as hackers aim to steal the most sensitive personal data and demand payoffs in crippling ransomware attacks. All these trends point to the need for businesses to take steps to manage their risk, prepare for common data breach scenarios, and get cyber insurance protection,” said Matt Cullina, CEO of CyberScout, the report’s sponsor.

The ITRC defines data breaches as incidents “in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format.” For more information about data breaches, visit www.idtheftcenter.org/Data-Breaches/data-breaches.